Data breach reports are at a record high
According to a report by Computer Weekly, the Information Commissioner's Office (ICO) has dealt with more data breach reports and issued more fines in the past year than ever before.
This is a big improvement from two years ago, when a report, also by Computer Weekly, revealed that an estimated 92% of data breaches went unreported to the ICO.
Half of all information security breaches are due to human error, more often than not because people do not understand the policy.
With tougher penalties of up to €20m or 4% of global annual turnover on the way as a result of the GDPR, there has never been a bigger incentive to get data security right.
Top tips to improve your data security and reporting:
- Familiarise yourself with your company's IT, information security, privacy and confidentiality rules and related policies - You can't fully protect yourself and your firm if you don't know what to do
- Be clear about your responsibilities - Know what data you are responsible for, what you are allowed to do with it and what you aren't
- Take extra care when taking data offsite - Only do this if it is absolutely essential; make sure that any data is encrypted or password-protected; and ensure that it's returned or deleted after use
- Only use secure networks to access or transfer your firm's data - Accessing your company's network via a public WiFi hotspot in a cafe will make you more vulnerable
- Only share information on a 'need to know' basis - Avoid forwarding data to groups of people and take care typing email addresses to avoid sending data to the wrong recipient
- Understand and check document classifications (e.g. Private, Confidential, Public) and privileges - Even people in the same department or function may have different access rights, so check who is entitled to what and how documents are classified before sharing them
- Follow the password rules - Use strong passwords and change them regularly; avoid sharing your password with anyone else as your password may give others access to restricted information
- Only use work devices to access information related to your firm - Avoid forwarding data to your personal email or smartphone
- If you're not sure how to protect your firm's data, ask - You can get more advice and support from the IT department or your manager
- Never conceal data losses or breaches - If you make a mistake, tell your manager or IT department immediately so your firm can act quickly to limit its losses